remove nist-ecdsa from basebox

author: kwadronaut <kwadronaut@leap.se> 2015-04-23 11:44:44 +0200
committer: kwadronaut <kwadronaut@leap.se> 2015-04-23 11:44:44 +0200
commit: fd0cf5140c937371038adc19457e94a9cafeb4d6 (patch)
tree: c6ebf0c31d57317a24bff0bb70eb4c90f30be650 /definitions/wheezy
parent: 13ce9694d6fc0677c832865beb2d8813bb462854 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/definitions/wheezy/base.sh b/definitions/wheezy/base.sh
index 0e4686c..8c0fa6c 100644
--- a/definitions/wheezy/base.sh
+++ b/definitions/wheezy/base.sh
@@ -21,6 +21,10 @@ sed -i -e 's/%sudo.*ALL=(ALL:ALL) ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers
 
 # Tweak sshd to prevent DNS resolution (speed up logins)
 echo 'UseDNS no' >> /etc/ssh/sshd_config
+# remove unsecure nist ecdsa keys
+sed -i /ecdsa/d' /etc/ssh/sshd_config
+# i'm hesitant to include openssh-server from backports for wheezy, so commented out for now
+# HostKey /etc/ssh/ssh_host_ed25519_key
 
 # Remove 5s grub timeout to speed up booting
 echo <<EOF > /etc/default/grub
author	kwadronaut <kwadronaut@leap.se>	2015-04-23 11:44:44 +0200
committer	kwadronaut <kwadronaut@leap.se>	2015-04-23 11:44:44 +0200
commit	fd0cf5140c937371038adc19457e94a9cafeb4d6 (patch)
tree	c6ebf0c31d57317a24bff0bb70eb4c90f30be650 /definitions/wheezy
parent	13ce9694d6fc0677c832865beb2d8813bb462854 (diff)